Commit 98b41592 authored by Nick Gaskill

Merge branch 'docs-clarify-primary-identifier' into 'master'

Clarify docs for primary vulnerability identifier

See merge request gitlab-org/gitlab!43235
parents 685c9f1c 397dd078
...@@ -374,12 +374,16 @@ which is shared by the analyzers that GitLab maintains. You can [contribute](htt ...@@ -374,12 +374,16 @@ which is shared by the analyzers that GitLab maintains. You can [contribute](htt
new generic identifiers to if needed. Analyzers may also produce vendor-specific or product-specific new generic identifiers to if needed. Analyzers may also produce vendor-specific or product-specific
identifiers, which don't belong in the [common library](https://gitlab.com/gitlab-org/security-products/analyzers/common). identifiers, which don't belong in the [common library](https://gitlab.com/gitlab-org/security-products/analyzers/common).
The first item of the `identifiers` array is called the primary identifier. The first item of the `identifiers` array is called the [primary
identifier](../../user/application_security/terminology/#primary-identifier).
The primary identifier is particularly important, because it is used to The primary identifier is particularly important, because it is used to
[track vulnerabilities](#tracking-and-merging-vulnerabilities) as new commits are pushed to the repository. [track vulnerabilities](#tracking-and-merging-vulnerabilities) as new commits are pushed to the repository.
Identifiers are also used to [merge duplicate vulnerabilities](#tracking-and-merging-vulnerabilities) Identifiers are also used to [merge duplicate vulnerabilities](#tracking-and-merging-vulnerabilities)
reported for the same commit, except for `CWE` and `WASC`. reported for the same commit, except for `CWE` and `WASC`.
Not all vulnerabilities have CVEs, and a CVE can be identified multiple times. As a result, a CVE
isn't a stable identifier and you shouldn't assume it as such when tracking vulnerabilities.
### Location ### Location
The `location` indicates where the vulnerability has been detected. The `location` indicates where the vulnerability has been detected.
......
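Review bot: The added paragraph on CVEs (the two lines just before `### Location`) says a CVE isn't a stable identifier but never tells the reader what follows from that. The preceding text says the primary identifier is what vulnerability tracking relies on, so state the consequence directly: say that a CVE should not be relied on for tracking, and point to what to use in its place. "A CVE can be identified multiple times" is also ambiguous, since it could mean several findings carrying the same CVE or one finding reported more than once. "Assume it as such" reads awkwardly; "don't treat a CVE as a stable identifier" would be clearer. In the first changed line, the new link targets a directory-style path (`../../user/application_security/terminology/#primary-identifier`) and its link text wraps across two lines; confirm the path resolves in the docs build and consider keeping `[primary identifier]` on one line.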